indexo.dev

merkur.dk

.dk crawl

First seen 2026-05-28 · Last seen 2026-05-30 · ok HTTP/1.1 200 628 ms crawled 2026-05-30

NL · 20.73.212.185 · AS8075 Microsoft Corporation

Reputation 100/100

Classifying

HTML metadata

Title
Merkur - Danmarks værdibaserede pengeinstitut
Description
Merkur er en helt almindelig bank tilsat ansvarlighed. Få boliglån, pension og andre ydelser i en bank, der arbejder for mennesker, natur og miljø.
Language
da
Canonical
https://merkur.dk/privat/

Open Graph

url
https://merkur.dk/privat/
title
Merkur - Danmarks værdibaserede pengeinstitut
description
Merkur er en helt almindelig bank tilsat ansvarlighed. Få boliglån, pension og andre ydelser i en bank, der arbejder for mennesker, natur og miljø.

Technology

Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (2)

  • fonts.googleapis.com×1
  • www.googletagmanager.com×1

Social

DNS records live

NS
  • ns1.eurodns.com
  • ns2.eurodns.com
  • ns3.eurodns.com
  • ns4.eurodns.com
MX
  • 5 merkur-dk.mail.protection.outlook.com
TXT
  • lxJHBAG8KnHfE5bjfDp3amIxrNsTkw5pt+6qnKPPe0A=
  • merkurapp.azurewebsites.net
Verified for
  • Apple
  • GlobalSign
  • Microsoft 365
  • TeamViewer

Email authentication strong

SPF
v=spf1 mx ip4:51.145.155.22 ip4:13.80.44.31 ip4:51.145.134.112 ip4:51.145.155.150 ip4:108.141.144.23 include:_senderidstd.bec.dk include:_spf.salesforce.com include:spf.ubivox.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; adkim=s; aspf=s;
policy: reject (enforced)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1odjEyTA6+wuseKTYunshbQVD1qoB7nFTqh+wIWWGFsEwBthPko/BnTnOvMMBdk7DnaD07jf1/Ml/t…
  • selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2BQjwrgTF4PCoBBMwJ9baE8AVOGAZgoiIgjylNcgLOWTALybMNs7HWZmOuK6x49x4dF4Ul75kni5zBtCu8f…
selectors probed

Certificate (current)

GlobalSign RSA OV SSL CA 2018
from 2025-07-28 to 2026-08-29
Expires in 89 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://merkur.dk/privat/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
sameorigin
x-content-type-options
nosniff
content-security-policy
block-all-mixed-content; default-src 'self'; frame-ancestors 'self' *.merkur.dk *.matomo.cloud; media-src 'self' data:; frame-src 'self' devnetbank.merkur.dk netbank.merkur.dk *.google.com www.facebook.com www.linkedin.com *.matomo.cloud *.googlesyndication.com *.vimeo.com; img-src 'self' data: blob: www.googletagmanager.com *.google.com www.google.dk www.google.se www.google.no www.google.de *.gstatic.com maps.googleapis.com www.facebook.com connect.facebook.net *.linkedin.com *.matomo.cloud *.googlesyndication.com *.vimeocdn.com stm.totalkredit.dk gateway.api.nykredit.it; script-src 'self' 'unsafe-eval' 'unsafe-inline' web87.prod.bec.dk ajax.cloudflare.com dawa.aws.dk connect.facebook.net www.facebook.com www.googletagmanager.com www.google.com maps.googleapis.com www.gstatic.com platform.linkedin.com www.linkedin.com code.jquery.com graph.facebook.com *.matomo.cloud www.googleadservices.com *.googlesyndication.com www.total
strict-transport-security
max-age=63072000;

Links to (3)

Linked from (2)